I’m trying to connect to DigitalOcean-hosted Postgres from a Linux box (also DO-hosted). While connecting from the CLI using psql works fine using TLS, Deno can’t connect, reporting:

Sending fatal alert BadCertificate
error: Uncaught (in promise) InvalidData: invalid certificate: UnknownIssuer
          this.#conn = await Deno.startTls(this.#conn, { hostname });
                       ^
    at processResponse (deno:core/core.js:212:11)
    at Object.jsonOpAsync (deno:core/core.js:230:12)
    at async Object.startTls (deno:runtime/js/40_tls.js:69:17)
    at async Connection.startup (https://deno.land/x/postgres@v0.11.2/connection/connection.ts:266:24)

I tried supplying the DO cert file using the --cert <file.pem> param, I tried installing the cert system-wide. I tried extracting the cert from the Postgres server using openssl s_connect. No success. Can anyone help?

Using:

$ deno --version
deno 1.9.2 (release, x86_64-unknown-linux-gnu)
v8 9.1.269.5
typescript 4.2.2

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 3
  • Comments: 9

Top GitHub Comments

1 reaction
jfedyczak commented, May 3, 2021

Maybe this will help someone. I put pgbouncer on the same machine between the app and the database, so connections from Deno to pgbouncer are unencrypted, but pgbouncer uses TLS to connect to the real database server.
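A sketch of the PgBouncer layout described in the comment above, as an added example that is not part of the original thread or the commenter's own configuration. The host, port, database name and file paths are placeholders, and the authentication settings are assumptions to adapt to the deployment.

```ini
; pgbouncer.ini (constructed example; all hosts, names and paths are placeholders)

[databases]
; Upstream managed PostgreSQL server, reached over TLS by PgBouncer.
appdb = host=db.example.internal port=5432 dbname=appdb

[pgbouncer]
; Client side: the application talks to PgBouncer in plaintext, so listen on
; loopback only. Binding to a routable address would expose credentials and
; query traffic on the network.
listen_addr = 127.0.0.1
listen_port = 6432
client_tls_sslmode = disable

; Server side: "require" encrypts the connection but does not validate the
; server certificate. "verify-full" validates the chain against the CA file
; below and also checks that the certificate matches the host name.
server_tls_sslmode = verify-full
server_tls_ca_file = /etc/pgbouncer/provider-ca.pem

; Authentication of local clients (assumed values, deployment-specific).
auth_type = scram-sha-256
auth_file = /etc/pgbouncer/userlist.txt
```

With this layout the certificate check that failed in the client is performed by PgBouncer instead, so the CA file should be the provider's CA certificate, and the application connects to 127.0.0.1:6432 with TLS turned off.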

0 reactions
cryptogohan commented, May 21, 2021

Alright, ended up going way down the rabbit hole, added a cert option. Sadly something still goes wrong. Spent hours trying to make progress but no. Seems you’d need an intimate understanding of the connection negotiation between pg and Deno. Hopefully, some form of treat-unsafe-domain-as-safe flag lands soon, or someone writes or updates a driver to work with a passed cert file.
